Traditional infrastructure setup involves a lot of manual work. You have to set up each part one by one, and that takes time and can lead to mistakes.
AWS CloudFormation makes this much easier. It lets you create a template for all the resources you need to create, and then it sets them up for you. You can also keep track of what you've done (version control) and easily make changes if needed. This way, you always have a clear and consistent way to set up your infrastructure. Overall, CloudFormation provides a more efficient, reliable, and scalable approach to infrastructure deployment.
In this hands-on exercise, you will:
Experience deploying a CloudFormation template*
Define a set of AWS resources with the template
Deploy the template to create a stack**
Update and manage the stack using the AWS Management Console
*CloudFormation template: This is a JSON or YAML formatted document that defines which AWS resources you want to provision and configure. It acts as a blueprint, specifying resource types, properties, and their relationships.
**CloudFormation stack: When you deploy the CloudFormation template, the group of resources that gets created together is called a stack. It's like bringing your blueprint to life – all those resources are created and managed as one unit.
By the end of this hands-on exercise, you should be able to do the following.
Deploy an AWS CloudFormation stack with a defined Virtual Private Cloud (VPC), and Security Group.
Configure an AWS CloudFormation stack with resources, such as an S3 bucket and EC2 instance.
Terminate an AWS CloudFormation and its respective resources.
Select your preferred region for doing this exercise. We recommend picking the region that's closest to you.
Task 1: Deploy a CloudFormation stack
In this task, you will begin by deploying a CloudFormation stack that creates a VPC as shown in this diagram:
Download the CloudFormation template: click here! The download should begin automatically.
What's inside this file? Inside this file is the CloudFormation template we're using. This template is a script that sets up a VPC with public internet access, a subnet, and a security group to allow web traffic.
Open this file in a Text Editor such as Notepad, TextEdit, Notepad++ and other text editor. To do this, find the file in your Downloads folder, right-click on the file, and hover over 'Open With'. A text editor option should be available in the list!
Look through the file. You will notice several sections:
The Parameters section is used to prompt for information that will be reused across the template. The template is asking for two IP address (CIDR) ranges for defining the VPC.
The Resources section is used to define the resources CloudFormation is going to create. The template is defining the VPC, and a Security Group.
The Outputs section is used to provide selective details about resources in the stack. The template is providing the Default Security Group for the VPC that is created.
The template is written in a format called YAML, which is commonly used for configuration files. The format of the file is important, including the indents and hyphens. CloudFormation templates can also be written in JSON.
You will now use this template to launch a CloudFormation stack.
In the AWS Management Console, on the Services menu, search for CloudFormation.and click it.
Click Create stack.
In this section Prerequisite - Prepare template provides options for preparing a template. You have three choices:
Template is ready: If they already have a prepared template. In this exercise, you will choose Template is ready since you've downloaded the file from the previous step.
Use a sample template: To use a provided AWS template.
Create template in Designer: To visually design a new template.
Nice! Now AWS knows you're using an existing template. But AWS doesn't know what this existing template looks like. That why it asks you to specify the format of your template in Specify template. You two options to provide the template under Template source:
Amazon S3 URL: This option lets users provide a URL if their template is stored on Amazon S3.
Upload a template file: Here, users can upload a file directly from their device.
3. Choose Upload a template file. Click Browse or Choose file and upload the template file you downloaded earlier.
After the file is uploaded, CloudFormation generates and displays an Amazon S3 URL. This URL indicates where the uploaded template is stored, and it's hosted in the ap-southeast-2 AWS region.
On the Specify Details page, configure:
Stack name: Lab-VPCStack
In the Parameters section, you will see that CloudFormation is prompting for the IP address ('CIDR') range for the VPC and Subnet. No need to edit this - our template already decided on a default value (under Parameters).
The Options page can be used to specify additional parameters. You can browse the page, but leave settings at their default values.
6. Click Next.
The Review page displays a summary of all settings. Some of the resources are defined with custom names, which can lead to naming conflicts. CloudFormation might give you a little banner that says custom names are being used to remind you about this.
7. Click Submit.
The stack will now enter the CREATE_IN_PROGRESS status. Oooooooo! 😗
8. Click the Events tab and scroll through the listing.
The listing shows (in reverse order) the activities performed by CloudFormation, such as starting to create a resource and then completing the resource creation. Any errors during stack creation will be listed in this tab.
9. Click the Resources tab.
The listing shows the resources that are being created. CloudFormation determines the optimal ideas for resources to be created, e.g. creating the VPC before the subnet.
10. Wait until the status changes to CREATE_COMPLETE. You can click Refresh icon occasionally to update the display.
Optional: Navigate to the VPC console in a new browser tab to see Lab VPC was created. That's CloudFormation at work! Then, return to the CloudFormation console.
Task 2: Add an Amazon S3 bucket to the stack
In this task, you will edit a CloudFormation template.
Your objective is to:
Add an Amazon S3 bucket to the template
Then update the stack with the revised template
This will result in a new bucket being deployed.
Instead of following set instructions, you'll have to figure out how to modify the template on your own!
If you feel stuck, here are some tips:
You should edit the Task1.yaml file you downloaded earlier to include an Amazon S3 bucket.
The correct solution only needs two lines — one for the identifier and one for the type.
Your code should go under the Resources header in the template file. You do not need to edit any Properties for this bucket resource
Indents are important in YAML — use two spaces for each indent.
Once you have edited the template, continue with the following steps to update the stack.
In the CloudFormation console, select Lab-VPCStack. Click Update.
2. Choose Replace current template, then choose Upload a template file. Click Choose file, then browse to and select the Task1.yaml file that you modified.
3. Click Next.
Note: If you receive an error message here, it's probably something to do with the code you've added. Ask the NextWork community about what you see!
4. On the Specify stack details page, click Next.
5. On the Configure stack options page, click Next.
Wait for CloudFormation to calculate the changes. You should see something similar to this at the bottom of the page:
This means CloudFormation will Add an Amazon S3 bucket. All other resources defined in the template will be unchanged. Woohoo! Your existing resources do not need to be redeployed - how easy and simple. 😮💨
6. Click Submit.
After a minute, the stack status will change from UPDATE_IN_PROGRESS to UPDATE_COMPLETE.
8. Click the Resources tab.
The bucket will now be displayed in the list of resources. CloudFormation will have assigned it a random name so that it doesn't conflict with any existing bucket names.
Task 3: Add an Amazon EC2 instance to the stack
In this task, your objective is to add an Amazon EC2 instance to the template, then update the stack with the revised template.
While creating an S3 bucket is pretty straightforward (only taking two lines), setting up an Amazon EC2 instance is a bit trickier. This is because the EC2 instance requires other related items like an AMI, a security group, and a subnet.
First, you will add a special parameter that is used to provide a value for the Amazon Machine Image (AMI).
Update the template by adding these lines in the Parameters section:
This parameter fetches the Amazon Linux 2023 AMI.
When writing CloudFormation templates, you can refer to other resources in the template by using the !Ref keyword. Let's take a cheeky look back at the Task1.yaml template that defines a VPC, then references the VPC within the Route Table definition using !Ref:
You will use this technique when defining the EC2 instance.
2. Use the tips below to update the template to add an Amazon EC2 instance with the following Properties:
- ImageId: Refer to AmazonLinuxAMIID, which is the parameter added in the previous step
- InstanceType: t2.micro
- NetworkInterfaces is used for AWS resources that need to connect to the internet, like an EC2 computer. It tells the resource how to connect to the network and has these important settings:
- DeviceIndex becomes more important when you have multiple network connections, because it helps prioritise which network connections are most important. Since we only have one connection going, the value is 0.
- SubnetId is the ID of the subnet to associate with the network interface. Refer to PublicSubnet, which is defined elsewhere in the template
- AssociatePublicIpAddress decides whether the network interface receives a public IP address. The value of this should be true.
- GroupSet contains a list of security group IDs to assign to the network interface. Refer to AppSecurityGroup, which is defined elsewhere in the template.
- Tags: Use this YAML block:
If you feel stuck, here are some tips:
Use this documentation page for assistance: AWS::EC2::Instance. Remember we're writing in YAML! Scroll to the bottom of the page for an example on how to include NetworkInterfaces in your code.
Your code should go under the Resources: header in the template file.
Only add the four Properties listed above, there is no need to include any other properties.
When referring to other resources in the same template, use !Ref — see the VPC example above.
3. Once you have edited the template, update the stack with your revised template file. The steps to updating the template is exactly the same as the previous task.